DROP

The Spamhaus Do not Route Or Peer (DROP) advisory list includes IP address ranges that are known to have been hijacked by professional spammers and cyber criminals, or have been directly allocated to criminal organizations by a regional internet registry (RIR).

These networks are completely controlled by criminal organizations and send zero legitimate traffic. They are solely used for spamming; hosting malware-infected sites; distributing phishing emails; hosting botnet command and control servers; and launching DDoS attacks against other networks.

It also contains a list of IP ranges that cyber criminals have leased from ISPs for the same purposes.

Any traffic from your network to a DROP listed IP address is likely to be a user responding to a phishing email, or a device infected with botnet malware.

DROP can be loaded into your router, BGP gateway, IDS, or firewall and used to block malicious email and internet traffic at your network edge.

By simply blocking connections from any IP address from a listed range, you can avoid wasting bandwidth and protect your users from being exposed to phishing links and malware embedded in spam emails.

Spamhaus updates the DROP list every few minutes. However, these lists generally remain stable because criminals tend to control IP address blocks for an extended period.

All networks that are listed in DROP are also listed in the Spamhaus SBL. From 1st June 2016, in addition to returning the standard return code 127.0.0.2 for an SBL listing, all three zones: sbl.spamhaus.org; sbl-xbl.spamhaus.org; zen.spamhaus org, have also returned the new code 127.0.0.9, to denote that an IP address is listed in DROP as well as the SBL.

Keep ahead of the threat - for free

DROP is the most powerful ways to protect you from the 'worst of the worst' on the internet so we have made this Zone available as a no-cost public service to direct users of the data as part of our Response Policy Zone service.

See the positive impact real-time threat intelligence from Spamhaus can have - protecting you, your networks and your users.